The Privacy Engineer's Companion: A Workbook of Guidance, Tools, Methodologies, and Templates
暫譯: 隱私工程師的夥伴：指導、工具、方法論與範本工作手冊

學習如何將隱私工程融入軟體、系統和應用程式。本書是開發人員、工程師、架構師和程式設計師的資源。它提供了工具、方法論、範本、工作表以及在軟體中工程化隱私的指導——從構思到發布及以後，無論是針對工具、技術、產品、系統、解決方案還是應用程式。

《隱私工程師的夥伴：指導、工具、方法論和範本的工作手冊》可以與2014年ApressOpen暢銷書《隱私工程師的宣言》一起使用。它訓練並裝備使用者參與自己的隱私範疇需求工作坊，撰寫隱私使用案例或“故事”，以便於敏捷開發，記錄用戶介面的隱私模式，進行評估；與產品和資訊安全團隊對齊。而且，也許最重要的是，本書清晰地闡明了一個至關重要的需求——保護個人資訊——這在工程過程中常常被神秘化。從政策到代碼，再到質量保證和價值，所有內容都在這些頁面中。

您將學到的內容：

- 如何將公平資訊原則視為可行的規範性陳述
- 如何將隱私解碼為可設計和編碼的功能需求
- 如何準備和進行隱私範疇需求工作坊
- 如何將隱私需求轉換為可用的故事以便於敏捷開發
- 如何指導用戶介面設計師設計隱私控制和介面
- 如何訪問軟體、系統、應用程式和應用，查看是否已實施必要的隱私控制
- 如何創建隱私工程文檔（如數據流圖和隱私影響評估），以便將部落知識轉化為機構知識
- 如何訪問並準備企業以支持隱私工程

本書的讀者對象：本書旨在服務廣泛的受眾和多個利益相關者。這些受眾包括任何參與架構、設計、開發、部署和審查處理個人資訊的系統、產品、流程、應用程式和應用的人士。本工作手冊將吸引軟體/硬體工程師、技術計畫和產品經理、支援和銷售工程師、系統整合商、IT專業人員、律師以及資訊隱私和安全專業人士。

Michelle Finneran Dennedy (@mdennedy) is Vice President and Chief Privacy Officer at Cisco, where she works to raise awareness and create tools that promote privacy, quality, integrity, respect and asset-level possibilities for data. A sought-after technology industry speaker and thought leader, Michelle is passionate about data privacy and protection, and for building better technology that matters. She works closely with families, executives, innovators and dreamers at all levels and in businesses and organizations at all stages to support the combination of policy, practice and tools. She is a board member of the International Association of Privacy Professionals (IAPP) and the Committee for Economic Development (CED) and the chair of the IEEE 7002 Working Group on Data Privacy.
Jonathan Fox, Director of Privacy Engineering and Strategy and Planning, is a member of Cisco's Chief Privacy Office and co-author of THE PRIVACY ENGINEER'S MANIFESTO, Getting from Policy to Code to QA to Value (ApressOpen 2014). With over 17 years of privacy experience, Jonathan's principal areas of focus have been product development, government relations, mergers and acquisitions, and training. He is a Certified Information Privacy Professional (CIPP/US), a Certified Information Privacy Manager (CIPM), and was a Certified Information Security Manager (CISM). Prior to Cisco, Jonathan was a Senior Privacy Engineer at Intel. His previous roles have included Director of Data Privacy, McAfee; Director of Privacy, eBay; Deputy Chief Privacy Officer for Sun Microsystems, and Editor-in-Chief of sun.com. Jonathan frequently speaks at industry events and is a member of the IEEE P7002 Personal Data Privacy Working Group and the OASIS Privacy by Design Documentation for Software Engineers Technical Committee.
Thomas R Finneran is a principal consultant for the iDennedy Project. He has proposed an approach to use the Organization for the Advancement of Structured Information Standards (OASIS) UML Standard for privacy analysis. He was a consultant for over 25 years for CIBER, Inc. He has acquired over 25 years of experience in the field of information technology. His strengths include enterprise (including data, information, knowledge, business, and application) architecture, business and data analysis, UML object analysis and design, logical data modeling, database systems design and analysis, information resource management methodologies, CASE and metadata repository tools, project management, and computer law. He is experienced in almost all application system areas, including real-time data collection systems, inventory control, sales and order processing, personnel, all types of financial systems, the use of expert systems, and project management systems. He has developed and taught training courses in the areas of use cases, relational concepts, strategic data planning, logical data modeling, and the utilization of CASE tools, among others. He is also an experienced intellectual property patent lawyer. For various companies, he has held such titles as director, MIS; manager, corporate data strategy; manager, data administration; managing consultant; manager, standards and education; and systems designer. These companies include the Standard Oil Company, Corning Glass Works, ITT, ADR, and the U.S. Navy. In addition, he was vice president and general counsel of TOMARK, Inc., the developer of the highly successful ABEND-AID software package. He has a bachelor of arts (Ohio State University), a masters of business administration (Roosevelt University), and a juris doctor's degree (Cleveland State). He is a member of the bar of the U.S. Supreme Court and a member of the bar of Ohio, New Jersey, Connecticut and a member of the Patent Bar
Lisa Bobbitt, CISSP, CIPM, is the lead Privacy Engineering architect in Cisco's Privacy Office. Lisa is passionate about embedding privacy awareness, governance, and technology across Cisco by building on the foundation of years of working and innovating (6 patents) in mainframe connectivity, mobile routing protocols, innovative concepts in 3D, voice/video/data in Stadium Vision, government adaptation and trustworthy systems. She believes everyone, as a digital citizen, should be a privacy advocate starting with understanding the value of authorized use of our personally identifiable information while the processors of our personal data making it easy for each person to manage their PII. Lisa has a BS in Computer Science from North Carolina State University and an MBA from Duke University.
Michele D. Guel is a Distinguished Engineer in Cisco's Trust Strategy Office. Her current focus and passion is formulating security and privacy strategies for smart, connect communities (Internet of Things). During her 22 years at Cisco, she has had the opportunity to work on all facets of cybersecurity and had the opportunity to establish many "Firsts" at Cisco. As a security architect for many year, Michele was always about "Building it in, not bolting it on." She is now bringing this passion to the privacy field with a focus on privacy engineering in the IoT Space. Michele holds the following certifications: CISSP, CIPM, GSEC401, and is a member of the IEEE P7002 Personal Data Privacy Working Group. She has a MS in Software Engineering with a concentration in Cybersecurity. Michele has been an avid participant, speaker, teacher, influencer and evangelist in the cyber security industry for over 27 years.

米歇爾·芬納蘭·丹尼迪（Michelle Finneran Dennedy，@mdennedy）是思科（Cisco）的副總裁及首席隱私官，致力於提高人們對隱私的認識並創建促進隱私、質量、完整性、尊重及數據資產層級可能性的工具。作為一位備受追捧的科技產業演講者和思想領袖，米歇爾對數據隱私和保護充滿熱情，並致力於構建更有意義的技術。她與各級家庭、企業高管、創新者和夢想者密切合作，支持政策、實踐和工具的結合。她是國際隱私專業人員協會（IAPP）和經濟發展委員會（CED）的董事會成員，並擔任IEEE 7002數據隱私工作組的主席。

喬納森·福克斯（Jonathan Fox）是隱私工程及策略規劃的主任，隸屬於思科的首席隱私辦公室，並共同撰寫了《隱私工程師宣言》（THE PRIVACY ENGINEER'S MANIFESTO），該書探討了從政策到代碼再到質量保證及價值的過程（ApressOpen 2014）。擁有超過17年的隱私經驗，喬納森的主要專注領域包括產品開發、政府關係、併購及培訓。他是美國資訊隱私專業人員認證（CIPP/US）和資訊隱私管理師（CIPM）的認證專業人士，曾是認證資訊安全經理（CISM）。在加入思科之前，喬納森曾擔任英特爾的高級隱私工程師。他的過去職位包括McAfee的數據隱私主任、eBay的隱私主任、Sun Microsystems的副首席隱私官，以及sun.com的總編輯。喬納森經常在行業活動中發言，並且是IEEE P7002個人數據隱私工作組及OASIS設計隱私文檔技術委員會的成員。

托馬斯·R·芬納蘭（Thomas R Finneran）是iDennedy項目的首席顧問。他提出了一種使用結構化信息標準促進組織（OASIS）UML標準進行隱私分析的方法。他在CIBER, Inc.擔任顧問超過25年，並在資訊技術領域積累了超過25年的經驗。他的專長包括企業架構（包括數據、信息、知識、業務和應用）、業務和數據分析、UML對象分析和設計、邏輯數據建模、數據庫系統設計和分析、信息資源管理方法論、CASE和元數據庫工具、項目管理及計算機法律。他在幾乎所有應用系統領域都有經驗，包括實時數據收集系統、庫存控制、銷售和訂單處理、人事管理、各類金融系統、專家系統的使用以及項目管理系統。他開發並教授過多個領域的培訓課程，包括用例、關聯概念、戰略數據規劃、邏輯數據建模及CASE工具的使用等。他也是一位經驗豐富的知識產權專利律師。在多家公司中，他擔任過MIS主任、企業數據策略經理、數據管理經理、管理顧問、標準和教育經理及系統設計師等職位，這些公司包括標準石油公司、康寧玻璃廠、ITT、ADR及美國海軍。此外，他曾擔任TOMARK, Inc.的副總裁及總法律顧問，該公司開發了成功的ABEND-AID軟件包。他擁有俄亥俄州立大學的文學士學位、羅斯福大學的工商管理碩士學位及克里夫蘭州立大學的法學博士學位。他是美國最高法院的律師及俄亥俄州、新澤西州、康涅狄格州的律師，並且是專利律師。

莉莎·博比特（Lisa Bobbitt），CISSP、CIPM，是思科隱私辦公室的首席隱私工程架構師。莉莎熱衷於在思科內部嵌入隱私意識、治理和技術，基於多年在大型主機連接、移動路由協議、3D創新概念、體育場視覺中的語音/視頻/數據、政府適應及可信系統方面的工作和創新（擁有6項專利）。她相信每個人作為數位公民，都應該成為隱私倡導者，首先要理解授權使用我們的個人可識別信息的價值，同時使每個人能夠輕鬆管理他們的PII。莉莎擁有北卡羅來納州立大學的計算機科學學士學位及杜克大學的工商管理碩士學位。

米歇爾·D·古爾（Michele D. Guel）是思科信任策略辦公室的傑出工程師。她目前的重點和熱情是為智能連接社區（物聯網）制定安全和隱私策略。在思科工作22年期間，她有機會參與網絡安全的各個方面，並在思科建立了許多“首創”。作為多年的安全架構師，米歇爾始終堅持“內建，而非附加”的理念。她現在將這種熱情帶入隱私領域，專注於物聯網領域的隱私工程。米歇爾擁有以下認證：CISSP、CIPM、GSEC401，並且是IEEE P7002個人數據隱私工作組的成員。她擁有專注於網絡安全的軟件工程碩士學位。米歇爾在網絡安全行業參與、演講、教學、影響和宣傳方面已有超過27年的經驗。